Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

3CX Debian Install - Firewall issue

Discussion in '3CX Phone System - General' started by kyagc, Jan 23, 2017.

Thread Status:
Not open for further replies.
  1. kyagc

    Joined:
    Jul 13, 2016
    Messages:
    9
    Likes Received:
    0
    A few days ago I installed the latest build of 3CX Debian (ISO) and successfully restored a backup that I had made from a Windows server. Everything was great until incoming and outgoing calls started. I was able to answer calls and make them, but no audio was heard on either side. I changed nothing on my router (port forwarding, etc.) and IP of 3CX server hasn't changed either (it's at what it should be). I checked IPTables and it looked like it had the correct ports allowed, but wasn't allowing audio to go through either side of the call. I disabled IPTables and rebooted. Sure enough it worked or it was maybe a coincidence. Either way all outgoing and incoming calls work with audio now, but now I have no firewall on server. Is this just an issue with current Debian build or did my install not complete correctly? :confused:

    Thanks,
    KYAGC
     
  2. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,362
    Likes Received:
    535
    Hello @kyagc

    Did you run the firewall checker once installed to see if it passed?
    Also did you change anything in the IP tables after installation?
     
  3. kyagc

    Joined:
    Jul 13, 2016
    Messages:
    9
    Likes Received:
    0
    1. Unfortunately, I did not run firewall checker. I can re-enable IP tables and then run the firewall checker?
    2. I did not change anything in the IP tables after installation. The only thing I did was list what rules were in IP tables.
     
  4. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,362
    Likes Received:
    535
    Yes try to re-enable them and see if the firewall checker succeeds. with the default ip tables and no firewall behind my installation the firewall checker succeeds
     
  5. kyagc

    Joined:
    Jul 13, 2016
    Messages:
    9
    Likes Received:
    0
    OK. I re-enabled iptables..rebooted and ran the firewall checker. The only ports it was consistent on was port 5060. We don't use 5090 so that's normal. Port 9000-9255 differed on each test (see attached). Not once did it have all of them "done". The ports that didn't pass said "full cone test failed". I've uploaded a text file that has my current iptable rules (default from 3CX ISO).
     

    Attached Files:

  6. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,362
    Likes Received:
    535
    i have exactly the same IP table rules (default) on mine debian installation and i pass the firewall checker every time (tried a few times).
    Is there a firewall infront of the debian install that may causing the test to fail?
    also after you re enabled them do you get audio?
     
  7. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    Maybe Windows server keep alive connections?

    https://www.3cx.com/community/threads/what-is-magic-about-firewall-checker.46709/
    www.3cx.com/blog/docs/firewall-voip-rules-check (wrong layout in IE)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. kyagc

    Joined:
    Jul 13, 2016
    Messages:
    9
    Likes Received:
    0
    OK, well that's good that we both have the same ip table rules. Technically no, I have a router in front of the 3CX install. It doesn't have a firewall app installed (we use Untangle) thus it shouldn't be blocking anything. I only allow the ports I need through port forwarding, which is the 9000-9500 and 5060. Also, our DSL modem is bridged to our router. I tried running the firewall checker again with same results as before. However, we don't have any issues with audio on either side of a call and our fax line is working as well. Maybe your firewall checker doesn't like the Untangle router software? It's Debian based software as well so you would think it wouldn't matter.
     
  9. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,362
    Likes Received:
    535
    Something is getting in the way most probably. Unfortunately i am not familiar with untangle so i can not advice you there. If it is not causing any issues however and you are protected with the Iptable rules then i would leave it as is and see how that goes.
     
Thread Status:
Not open for further replies.